glibc-2.12-1.47.AXS4
Errata ID: AXSA:2012-38:01
Release date:
2012/01/20 Friday - 15:13
Title:
glibc-2.12-1.47.AXS4
Affected channels:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
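- ldd in the GNU C Library has a vulnerability that allows local users to gain privileges via a Trojan horse executable file linked with a loader modified to omit the LD_TRACE_LOADED_OBJECTS checks. (CVE-2009-5064)
- The addmntent function in the GNU C Library does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to cause corruption of the /etc/mtab file. This is a different vulnerability from CVE-2010-0296. (CVE-2011-1089)
Some of the translated CVE descriptions are quoted from JVN.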
http://jvndb.jvn.jp
Solution:
Update the packages.
CVE:
CVE-2009-5064
** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc."
CVE-2011-1089
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
Additional information:
N/A
Download:
SRPMS
- glibc-2.12-1.47.AXS4.src.rpm
MD5: fcfa5e6c3f2684e650511b18c80b10c4
SHA-256: 97a49804a597aba5aac564f40c4217ae7f8a75fa768974e202129ec8e6442565
Size: 15.21 MB
Asianux Server 4 for x86
- glibc-2.12-1.47.AXS4.i686.rpm
MD5: ebb71f7d7e40df3487bd4fc5f264407b
SHA-256: b93cd06c1142f982334363b1ac06c4980049e55cc22029b0a511fcb9ca4e625b
Size: 4.28 MB
- glibc-common-2.12-1.47.AXS4.i686.rpm
MD5: f5e0ba65e872d02a0caf4564546ba3af
SHA-256: 7beb0a1a17e6fbe38d61440c137036b95623fe3ee7e49c054e4c733af2c47cb7
Size: 14.16 MB
- glibc-devel-2.12-1.47.AXS4.i686.rpm
MD5: 86bc58a99c46422ccdcf6729ca1318fd
SHA-256: eaa773f77d84ec247fff956ea8030b7a557c7cb729c9b122c39a47718c533cc5
Size: 965.70 kB
- glibc-headers-2.12-1.47.AXS4.i686.rpm
MD5: 252c1e5366e094b2a8a64c35744dde88
SHA-256: ba1d285f6e16bd21fb72b916e33d909521d3ed9c11276cccac74f7ac3705db04
Size: 604.01 kB
- glibc-utils-2.12-1.47.AXS4.i686.rpm
MD5: bfe64f0236ecb53935dd551174856631
SHA-256: 1b33631e40a0e6fd5357ec55c13538ba3dd7952006883a75ac3c5e8074c62aae
Size: 159.73 kB
- nscd-2.12-1.47.AXS4.i686.rpm
MD5: f5d142e314e2eeaf6980c03274da30fe
SHA-256: 3c5b3cc95f4c1232dcfd0365df89e949eadb5c03e65dac06c01a2338ed3f1926
Size: 201.09 kB
Asianux Server 4 for x86_64
- glibc-2.12-1.47.AXS4.x86_64.rpm
MD5: 9eed0d3635160399358b8a0ca13f5638
SHA-256: 5cc13809028358bca8a4bf7e9402fde2aba191298b491231d0e0811b813520d6
Size: 3.78 MB
- glibc-common-2.12-1.47.AXS4.x86_64.rpm
MD5: 5b952dcafadc13be39fec1a001e6d4f6
SHA-256: ea0ecdcbff423c5c1956554462fa9e7c8be809683e34ba33f8a7b2eb72c3ef57
Size: 14.18 MB
- glibc-devel-2.12-1.47.AXS4.x86_64.rpm
MD5: 6371cd57ae044cdd4095ca6b87a36459
SHA-256: ccc3f7f3c19a5c01ad0eac9963894133d45b625676d51c0095ed3fb18c73e4cb
Size: 964.80 kB
- glibc-headers-2.12-1.47.AXS4.x86_64.rpm
MD5: 5afe6c91c98a3e748e9fadc52c2bf2b4
SHA-256: a94cd63315c29884778e39e96d20b5376f9ac2c0cd3d870e9b4138a36e8561a6
Size: 595.45 kB
- glibc-utils-2.12-1.47.AXS4.x86_64.rpm
MD5: a28d865db43a4657f7b6727560525035
SHA-256: 8ee1a9193897c7eb52d701265e49ce25d531987fbf8fc6bebcf03ebcf224ccee
Size: 158.37 kB
- nscd-2.12-1.47.AXS4.x86_64.rpm
MD5: deb794883425c859932ac08bf9c1b0a9
SHA-256: d2464b8f4e79ee1d0fd1937eb3824339f500f5719129973157aff259de084f19
Size: 201.69 kB
- glibc-2.12-1.47.AXS4.i686.rpm
MD5: ebb71f7d7e40df3487bd4fc5f264407b
SHA-256: b93cd06c1142f982334363b1ac06c4980049e55cc22029b0a511fcb9ca4e625b
Size: 4.28 MB
- glibc-devel-2.12-1.47.AXS4.i686.rpm
MD5: 86bc58a99c46422ccdcf6729ca1318fd
SHA-256: eaa773f77d84ec247fff956ea8030b7a557c7cb729c9b122c39a47718c533cc5
Size: 965.70 kB